frida-read-process-memory
v1.0.0
Published
Stream the memory of a running process
Downloads
6
Readme
frida-read-process-memory
Stream the memory of a running process.
Example
var frida = require('frida');
var Read = require('frida-read-process-memory');
var bytes = require('bytes');
var session = // frida process session
var reader = Read(session);
reader.on('total', function(t){
console.log('reading a total of %s', bytes(t));
});
reader.on('range', function(r){
console.log('reading %s (%s)', r.baseAddress, bytes(r.size));
});
reader.on('skip', function(r){
console.log('skip %s', r.baseAddress);
});
reader.on('progress', function(p){
console.log(
'read %s%',
Math.round(p.bytesRead/p.bytesTotal*100*100)/100
)
});
reader.on('end', function(){
session.detach();
});
reader.pipe(yourDestination);
Check example.js
for a script that connects to a phone via USB and dumps the foremost application's memory to dump.out
.
Installation
$ npm install frida-read-process-memory
API
Read(session)
Create a read stream streaming data from given session
.
#on('total', fn)
Called once with the total number of bytes to read.
#on('range', fn)
Called when about to read a range.
#on('skip', fn)
Called when skipping a rance because of an access violation.
#on('progress', fn)
Called after successfully reading a range, with .bytesRead
and .bytesTotal
.
Caveats
There is a race condition where process memory is remapped after the memory ranges are fetched, but before they're read. Memory not available anymore will simply be ignored.
License
MIT